Release : 14.0
Component : CA ControlMinder
# This is based on RHEL7.4 OS and ENTM 14.0 fresh installation with AD as User Store.
# Assuming yum is configured to install packages
# Following article informs SS04430 patch is required. This is a dedicated installer released certifying RHEL7.4 onwards.
# https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/14-0/release-information/solutions-amp-patches.html
# Following article explains which packages are required and what are not.
# https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/14-0/implementing/install-the-enterprise-management-server/prepare-the-server.html#concept.dita_a8c24da723fe5b2563786ec1f03b8c4ac34deaa7_Linux
#!==========[ACTION ITEMS ON THE MSSQL SERVER WHERE CENTRAL DATABASE WILL BE HOSTED]=======!#
# Create a DB User under "Security-Logins" as sample below.
# Login name: entm143admin
# [x] SQL Server authentication
# Password: <yourpassword>
# [ ] Enforce password policy
# The rest is default.
#
# Create a new DB instance as sample below.
# [General] Database name: ENTM143
# [General] Owner: entm143admin
# [Options] Collation: SQL_Latin1_General_CP1_CI_AS
# The rest is default.
#
# Update "entm143admin" user again.
# [General] Default database: ENTM143
# Click OK
#
#!==========[ACTION ITEMS ON THE MSSQL SERVER WHERE ACTIVE DIRECTORY IS INSTALLED]=========!#
# 2 Administrative Accounts are needed.
# Create 2 users that will be used for ENTM.
# CN=Administrator,CN=Users,DC=ldap1,DC=lab
# CN=SystemUser,CN=Users,DC=ldap1,DC=lab
#
#
#!==============[ACTION ITEMS ON THE LINUX SERVER WHERE ENTM WILL BE INSTALLED]=============!#
# Ensure the OS is 64bit
# [[email protected]]# uname -m
# x86_64
#
# Add /etc/hosts entry with short hostname
#
# [[email protected]]# ifconfig |head -2
# ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
# inet 192.168.0.10 netmask 255.255.255.0 broadcast 192.168.0.255
#
# [[email protected]]# vi /etc/hosts
# 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
# ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# 192.168.0.10 entm
#
# Ensure there are sufficient entropy, over 3000 or configure rngd (rngd -r /dev/urandom -o /dev/random)
# [[email protected]]# cat /proc/sys/kernel/random/entropy_avail
# 3249
#
# Set the file descriptor to 10000
# [[email protected]]# ulimit –n 10000
#
# Ensure firewall is not blocking the ports that will be used by PIM ENTM.
# Documentation instructs the following to be run but this is not applicable to RHEL7.x
#
# iptables -I INPUT -p tcp --dport <http_port_number> -j ACCEPT
# iptables -I INPUT -p tcp --dport <https_port_number> -j ACCEPT
# iptables -I INPUT -p tcp --dport <MessageQueue_port_number> -j ACCEPT
# iptables -I INPUT -p tcp --dport <WebService_port_number> -j ACCEPT
# iptables -I INPUT -p tcp --dport <Policy_Management_port_number> -j ACCEPT
# service iptables save
#
# Because on RHEL7 firewalld is used instead of iptables.
# Check which one is in use and run the commands according to the service used.
#
# [[email protected]]# systemctl status firewalld
# ● firewalld.service - firewalld - dynamic firewall daemon
# Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
# Active: active (running) since Sun 2019-11-17 14:18:25 PST; 2 days ago
# Docs: man:firewalld(1)
# Main PID: 748 (firewalld)
# CGroup: /system.slice/firewalld.service
# └─748 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
#
# Nov 17 14:18:24 localhost.localdomain systemd[1]: Starting firewalld - dynami...
# Nov 17 14:18:25 localhost.localdomain systemd[1]: Started firewalld - dynamic...
# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: ICMP type 'bey...
# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: beyond-scope: ...
# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: ICMP type 'fai...
# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: failed-policy:...
# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: ICMP type 'rej...
# Nov 17 14:18:26 localhost.localdomain firewalld[748]: WARNING: reject-route: ...
# Hint: Some lines were ellipsized, use -l to show in full.
#
# [[email protected]]# systemctl status iptables
# Unit iptables.service could not be found.
#
# In the above case, firewalld is in use. iptables is not installed.
# Check what firewall rules are in place
#
# [[email protected]]# firewall-cmd --list-all
# public (active)
# target: default
# icmp-block-inversion: no
# interfaces: ens33
# sources:
# services: ssh dhcpv6-client
# ports:
# protocols:
# masquerade: no
# forward-ports:
# source-ports:
# icmp-blocks:
# rich rules:
#
# [public] zone is set by default. In the above default configuration, nothing is being blocked so you can just go ahead and skip to next step.
# If you must configure the ports then you can perform the following to add those ports.
#
# [[email protected]]# firewall-cmd --zone=public --add-port=8080/tcp
# [[email protected]]# firewall-cmd --zone=public --add-port=18080/tcp
# [[email protected]]# firewall-cmd --zone=public --add-port=8443/tcp
# [[email protected]]# firewall-cmd --zone=public --add-port=18443/tcp
# [[email protected]]# firewall-cmd --zone=public --add-port=61616/tcp
# [[email protected]]# firewall-cmd --zone=public --add-port=5248/tcp
# [[email protected]]# firewall-cmd --zone=public --add-port=8891/tcp
# [[email protected]]# systemctl restart network.service
# [[email protected]]# systemctl restart firewalld.service
#
# Install prerequisite libraries
# [[email protected]]# yum install -y audit-libs.i686 audit-libs.x86_64 audit-libs-devel.x86_64 audit-libs-python.x86_64 bc.x86_64 boost-devel.x86_64 cairo.x86_64 compat-db.x86_64 compat-db42.x86_64 compat-db43.x86_64 compat-expat1.x86_64 compat-glibc.x86_64 compat-glibc-headers.x86_64 compat-libcap1.x86_64 compat-libf2c.x86_64 compat-libgfortran.x86_64 compat-libstdc++.i686 compat-libstdc++.x86_64 compat-libtermcap.x86_64 compat-openldap.x86_64 compat-openmpi.x86_64 compat-openmpi-psm.x86_64 compat-opensm-libs.x86_64 compat-readline5.x86_64 cracklib.x86_64 db4.i686 db4.x86_64 dejavu-fonts-common.noarch dejavu-sans-mono-fonts.noarch dos2unix.x86_64 elfutils.x86_64 elfutils-libs.x86_64 fprintd-pam.x86_64 freerdp.x86_64 freerdp-libs.x86_64 glib2-devel.x86_64 glibc.i686 glibc.x86_64 glibc-common.x86_64 glibc-devel.x86_64 glibc-headers.x86_64 gnome-keyring-pam.x86_64 ksh.x86_64 libICE.i686 libICE.x86_64 libICE-devel.x86_64 libSM.i686 libSM.x86_64 libSM-devel.x86_64 libXext.i686 libXext.x86_64 libXext-devel.x86_64 libXp.i686 libXp.x86_64 libXpm.x86_64 libXt.i686 libXt.x86_64 libXt-devel.x86_64 libXtst.x86_64 libXtst-devel.x86_64 libgcc.i686 libgcc.x86_64 libpng.x86_64 libselinux.i686 libselinux.x86_64 libssh2.x86_64 libstdc++.x86_64 libstdc++-.i686 libstdc++-devel.x86_64 mksh.x86_64 ncurses.x86_64 ncurses-base.x86_64 ncurses-devel.i686 ncurses-devel.x86_64 ncurses-libs.i686 ncurses-libs.x86_64 pam.i686 pam.x86_64 pam-devel.x86_64 pam_krb5.x86_64 pam_passwdqc.x86_64 pango.x86_64 rpm-build.x86_64
# [[email protected]]# yum install -y redhat-lsb
# In case if yum did not install the /lib/libstdc++.so.5 then you can check your Redhat subscription to add additional libraries.
# Or as a workaround compat-libstdc++-33-3.2.3-69.el6.i686.rpm can be obtained from RHEL6.10 ISO file.
# [[email protected]]# rpm -ivh compat-libstdc++-33-3.2.3-69.el6.i686.rpm
# If this is not installed, then ENTM installation will fail.
#
# Extract the SS04430 zip file and there are 2 iso files.
# CA_PIM_PRM_SRV_14.0.0_1235_LNX.iso == This is the actual installer binary
# CA_PIM_PRM_3PARTY_14.0.0_1235_LNX.iso == This is 3rd party software required for ENTM installation.
#
# Mount the CA_PIM_PRM_3PARTY_14.0.0_1235_LNX.iso to Redhat machine.
# [[email protected]]# mkdir /media/iso
# [[email protected]]# blkid
# /dev/sda1: UUID="a97cef91-fa07-414f-8906-bf863b7ea12b" TYPE="xfs"
# /dev/sda2: UUID="54b87c98-3c0d-4f3b-802c-8019673b26b6" TYPE="swap"
# /dev/sda3: UUID="2ca85516-9cd1-4223-8c32-19d3557c397e" TYPE="xfs"
# /dev/sr0: UUID="2018-07-02-05-27-40-00" LABEL="CA_PIM_3P_14.0.0_Linux" TYPE="iso9660"
# [[email protected]] mount /dev/sr0 /media/iso
# [[email protected]] mount: /dev/sr0 is write-protected, mounting read-only
# [[email protected]] cd /media/iso
# [[email protected]] ls
# ActiveMQ JBoss-4.2.3 JDK-1.8.101 TRANS.TBL UnlimitedJCE
# [[email protected]]# cd JDK-1.8.101
# [[email protected] JDK-1.8.101]# cd _x64/
# [[email protected] _x64]# rpm -ivh jdk-8u101-linux-x64.rpm
# Preparing... ################################# [100%]
# Updating / installing...
# 1:jdk1.8.0_101-2000:1.8.0_101-fcs ################################# [100%]
# Unpacking JAR files...
# tools.jar...
# plugin.jar...
# javaws.jar...
# deploy.jar...
# rt.jar...
# jsse.jar...
# charsets.jar...
# localedata.jar...
# This installs java to /usr/java/
# [[email protected] _x64]#
#
# Apply JCE patch
# [[email protected]]# cd /media/iso/UnlimitedJCE/
# [[email protected] UnlimitedJCE]# ./Unlimited_JCE_Jar_Replace.sh
# Please enter your JRE PATH: <<[Default]/usr/java/jdk1.8.0_101/jre>>
#
# JRE path is: /usr/java/jdk1.8.0_101/jre
# JCE backup path is: /opt/backup
# Please enter PATH of new UnlimitedJCEPolicyJDK8 jar files: <</usr/tmp/newjars>>
# /media/iso/UnlimitedJCE
# New UnlimitedJCEPolicyJDK8 path is: /media/iso/UnlimitedJCE
# Files are successfully copied to /usr/java/jdk1.8.0_101/jre/lib/security
#
# Update java.security to allow RC4 cipher which is required by TIBCO MESSAGE QUEUE
# [[email protected]]# vi /usr/java/jdk1.8.0_101/jre/lib/security/java.security
#
# Locate the following line and remove "RC4, " and save.
# jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
# change to
# jdk.tls.disabledAlgorithms=SSLv3, MD5withRSA, DH keySize < 768
#
#
# Add JDK/bin folder to PATH
# [[email protected] _x64]# export PATH=/usr/java/jdk1.8.0_101/bin:$PATH
#
# Unzip JBoss
# [[email protected]]# cd /opt
# [[email protected] opt]# unzip /media/iso/JBoss-4.2.3/jboss-4.2.3.GA.zip
#
# Modify JBoss to listen on PIM recommended ports.
# [[email protected] opt]# JBOSS_DIR=/opt/jboss-4.2.3.GA
# [[email protected] opt]# sed -i s/"8080"/"18080"/ $JBOSS_DIR/server/default/deploy/jboss-web.deployer/server.xml
# [[email protected] opt]# sed -i s/"8443"/"18443"/ $JBOSS_DIR/server/default/deploy/jboss-web.deployer/server.xml
# [[email protected] opt]# sed -i s/"1099"/"11099"/ $JBOSS_DIR/server/default/conf/jboss-service.xml
#
# Install ActiveMQ
# [[email protected]]# cd /media/iso/ActiveMQ
# [[email protected] ActiveMQ]# ./install_ActiveMQ.bin -i console
# Preparing to install...
# Extracting the installation resources from the installer archive...
# Configuring the installer for this system's environment...
#
# Launching installer...
#
# ===============================================================================
# Choose Locale...
# ----------------
#
# 1- Deutsch
# ->2- English
# 3- Español
# 4- Français
# 5- Italiano
# 6- Português (Brasil)
#
# CHOOSE LOCALE BY NUMBER:
# ===============================================================================
# ActiveMQ (created with InstallAnywhere)
# -------------------------------------------------------------------------------
#
# Preparing CONSOLE Mode Installation...
#
#
#
#
# ===============================================================================
# License Agreement
# -----------------
# .....
# .....
# .....
#
# DO YOU ACCEPT THE TERMS OF THIS LICENSE AGREEMENT? (Y/N): y
#
#
#
# ===============================================================================
# Choose Install Folder
# ---------------------
#
#
# Default Install Folder: /opt/activemq
#
# ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
# :
#
#
#
# ===============================================================================
# Web Console Settings
# --------------------
#
# Please define the port, administrator username, and password for the ActiveMQ
# Web Console.
#
# Web Console Port: (Default: 8161):
#
# Administrator Username: (Default: admin):
#
#
#
#
# ===============================================================================
# Web Console Settings
# --------------------
#
#
# Web Console Administrator Password::
#
#
#
# ===============================================================================
# Web Console Settings
# --------------------
#
#
# Confirm Password::
#
#
#
# ===============================================================================
# Pre-Installation summary
# ------------------------
#
# Please Review the Following Before Continuing:
#
# Product Name:
# ActiveMQ
#
# Install Folder:
# /opt/activemq
#
# Broker Name:
# hostname
#
# Web Console Port:
# 8161
#
# Administrator Username:
# admin
#
# Disk Space Information (for Installation Target):
# Required: 88,657,180 Bytes
# Available: 127,027,798,016 Bytes
#
# PRESS <ENTER> TO CONTINUE:
#
#
#
# ===============================================================================
# Installing...
# -------------
#
# [==================|==================|==================|==================]
# [------------------|------------------|------------------|------------------]
#
#
#
# ===============================================================================
# Installation Complete
# ---------------------
#
# Congratulations! ActiveMQ has been successfully installed to:
#
# /opt/activemq
#
# PRESS <ENTER> TO EXIT THE INSTALLER:
#
# Unmount the /dev/sr0 as the CA_PIM_PRM_3PARTY_14.0.0_1235_LNX.iso is no longer required.
# [[email protected]]# umount /media/iso
# Mount CA_PIM_PRM_SRV_14.0.0_1235_LNX.iso to DVD tray.
# [[email protected]]# blkid
# /dev/sr0: UUID="2018-07-02-05-29-13-00" LABEL="CA_PIM_PS_14.0.0_Linux" TYPE="iso9660"
# /dev/sda1: UUID="a97cef91-fa07-414f-8906-bf863b7ea12b" TYPE="xfs"
# /dev/sda2: UUID="54b87c98-3c0d-4f3b-802c-8019673b26b6" TYPE="swap"
# /dev/sda3: UUID="2ca85516-9cd1-4223-8c32-19d3557c397e" TYPE="xfs"
#
# [[email protected]]# mount /dev/sr0 /media/iso
# mount: /dev/sr0 is write-protected, mounting read-only
#
# Install the Enterprise Management Server
# [[email protected]]# cd /media/iso/EnterpriseMgmt/Disk1/InstData/NoVM
# [[email protected] NoVM]# ./install_EntM.bin -i console -DLICENSE_KEYWORD=Proceed
# Preparing to install...
# Extracting the installation resources from the installer archive...
# Configuring the installer for this system's environment...
#
# Launching installer...
#
# ===============================================================================
# Choose Locale...
# ----------------
#
# 1- Deutsch
# ->2- English
# 3- Español
# 4- Français
# 5- Italiano
# 6- Português (Brasil)
#
# CHOOSE LOCALE BY NUMBER:
# ===============================================================================
# CA Privileged Identity Manager Enterprise Server (created with InstallAnywhere)
# -------------------------------------------------------------------------------
#
# Preparing CONSOLE Mode Installation...
#
#
#
#
# ===============================================================================
# Introduction
# ------------
#
# InstallAnywhere will guide you through the installation of CA Privileged
# Identity Manager Enterprise Server.
#
# It is strongly recommended that you quit all programs before continuing with
# this installation.
#
# Click the 'Next' button to proceed to the next screen. If you want to change
# something on a previous screen, click the 'Previous' button.
#
# You may cancel this installation at any time by clicking the 'Cancel' button.
#
#
# PRESS <ENTER> TO CONTINUE:
#
#
#
# ===============================================================================
# Enterprise Management installation type
# ---------------------------------------
#
# Select the Enterprise Management installation type
#
# ->1- Primary Enterprise Management Server
# 2- Load Balancing Enterprise Management Server
#
# ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT::
#
#
# ===============================================================================
# Choose Install Folder
# ---------------------
#
# Please choose a destination folder for this installation.
#
# Default Install Folder: /opt/CA/AccessControlServer
#
# ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
# :
#
# ===============================================================================
# Java Development Kit (JDK)
# --------------------------
#
# Specify the location of an existing JDK installation:
#
# ->1- /usr/java/jdk1.8.0_101/bin/java
# 2- Choose a Java VM already installed on this system
#
# ENTER THE NUMBER FOR THE JAVA VM, OR PRESS <ENTER> TO ACCEPT THE
# CURRENT SELECTION:
# Unable to install the Java Virtual Machine included with this installer.
#
#
# ===============================================================================
# JBoss Application Server Settings
# ---------------------------------
#
# Please enter the application server settings.
#
# JBoss Folder (no spaces): (Default: /opt/jboss-4.2.3.GA):
# App Server Port: (Default: 18080):
# App Server HTTPS Port: (Default: 18443):
# App Server Naming Port: (Default: 11099):
#
#
# ===============================================================================
# Tomcat Application Server Settings
# ----------------------------------
#
# Please enter the application server settings.
#
# Tomcat port: (Default: 8080):
# Tomcat HTTPS port: (Default: 8443):
#
#
# ===============================================================================
# ActiveMQ information
# --------------------
#
# Please select the location of the ActiveMQ broker installation
#
# ActiveMQ Home: (Default: /opt/activemq):
#
#
# ===============================================================================
# Communication Password
# ----------------------
#
# Enter the Password::
#
# ===============================================================================
# Communication Password
# ----------------------
#
# Confirm Password: :
#
#
# ===============================================================================
# Database Type
# -------------
#
# Specify the database type used to store information:
#
# 1- Oracle Database 11g/12c
# ->2- Microsoft SQL Server 2012/2014
#
# ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT::
#
#
# ===============================================================================
# Database Connection Information
# -------------------------------
#
# Define the database connection:
#
# Host Name: (Default: sqlserver): 192.168.0.31
# Port Number: (Default: 1433):
# Database Name: (Default: ): ENTM143
# Username: (Default: ): entm143admin
#
#
# ===============================================================================
# Enter Password:
# ---------------
#
# Enter the Password::
#
# ===============================================================================
# User Store Type
# ---------------
#
# Specify the user store that you want to use for this product:
#
# 1- Active Directory
# 2- Embedded User Store
# 3- Other User Store
#
# ENTER THE NUMBER OF THE DESIRED CHOICE: 1
#
#
# ===============================================================================
# Active Directory Information
# ----------------------------
#
# Define the Active Directory connection settings:
# Host: (Default: activedirectory): 192.168.0.1
# Port: (Default: 389):
# Search Root: (Default: ): DC=ldap1,DC=lab
# User DN: (Default: CN=Administrator,cn=Users,DC=ldap1,DC=lab): CN=Administrator,CN=Users,DC=ldap1,DC=lab
#
#
# ===============================================================================
# Enter Password:
# ---------------
#
# Enter the Password::
#
# ===============================================================================
# Administration Information
# --------------------------
#
# Define the information that you will use to log in to this product with an
# existing Active Directory administrator account:
#
# System Manager DN: (Default: ): CN=SystemUser,CN=Users,DC=ldap1,DC=lab
#
#
# ===============================================================================
# Pre-Installation Summary
# ------------------------
#
# Review the following before you continue:
#
# Product Name:
# CA Privileged Identity Manager Enterprise Server
#
# Install Folder:
# /opt/CA/AccessControlServer
#
# Application Server:
# JBoss
#
# JBoss Folder:
# /opt/jboss-4.2.3.GA
#
# JBoss URL and Port:
# http://entm:18080
#
# JBoss HTTPS Port:
# 18443
#
# JDK Folder:
# /usr/java/jdk1.8.0_101
#
# Database Type:
# Microsoft SQL Server 2012/2014
#
# Host Name:
# 192.168.0.31
#
# Port Number:
# 1433
#
# Database Name:
# ENTM143
#
# User Name:
# entm143admin
#
# Database Type:
# Active Directory
#
# Host:
# 192.168.0.1
#
# Port:
# 389
#
# Search Root:
# DC=ldap1,DC=lab
#
# User DN:
# CN=Administrator,CN=Users,DC=ldap1,DC=lab
#
# System User:
# CN=SystemUser,CN=Users,DC=ldap1,DC=lab
#
# Tomcat port:
# 8080
#
# Tomcat HTTPS port:
# 8443
#
#
# PRESS <ENTER> TO CONTINUE:
#
#
# ===============================================================================
# Installing...
# -------------
#
# [==================|==================|==================|==================]
# [------------------|------------------|------------------|------------------]
#
#
#
# ===============================================================================
# Installation Complete
# ---------------------
#
# Congratulations! CA Privileged Identity Manager Enterprise Server has been
# successfully installed to:
#
# /opt/CA/AccessControlServer
#
# PRESS <ENTER> TO EXIT THE INSTALLER:
#
# Update SSL Certificate
# [[email protected]]# hostname --fqdn
# entm
#
# In this case the "hostname --fqdn" returned short hostname which is not preferred.
# In that case, set the FQDN to hostname as below but must ensure it will resolve to this server ip address.
# [[email protected]]#
# [[email protected]]# HOSTNAME=entm.ldap1.lab
# [[email protected]]# echo "Removing the existing keystore"
# [[email protected]]# cd /opt/CA/AccessControlServer/apache-tomcat-7.0.72/
# [[email protected]]# rm .keystore
# [[email protected]]# echo "Generating new keystore for Tomcat"
# [[email protected]]# keytool -genkey -alias "tomcat" -keystore ".keystore" -storepass changeit -keypass changeit -keyalg RSA -dname "CN=${HOSTNAME}, OU=ou, O=myOrg, L=city, ST=state, C=cc"
#
#
# Install Tibco Message Queue
# [[email protected]]# cd /media/iso/TibcoMessageQueue/
# [[email protected]]# ./install_MessageQueue.bin -i console
# Preparing to install...
# Extracting the installation resources from the installer archive...
# Configuring the installer for this system's environment...
#
# Launching installer...
#
# ===============================================================================
# Choose Locale...
# ----------------
#
# 1- Deutsch
# ->2- English
# 3- Español
# 4- Français
# 5- Italiano
# 6- Português (Brasil)
#
# CHOOSE LOCALE BY NUMBER:
# ===============================================================================
# CA Privileged Identity Manager Message Queue (created with InstallAnywhere)
# -------------------------------------------------------------------------------
#
# Preparing CONSOLE Mode Installation...
#
#
# ===============================================================================
# Choose Install Folder
# ---------------------
#
# Default Install Folder: /opt/CA/AccessControlServer/MessageQueue
#
# ENTER AN ABSOLUTE PATH, OR PRESS <ENTER> TO ACCEPT THE DEFAULT
# :
#
# ===============================================================================
# Please choose folder where Active MQ is installed
# -------------------------------------------------
#
# Please choose folder where Active MQ is installed
#
# ActiveMQ Home (Default: /opt/activemq):
#
#
# ===============================================================================
# Enterprise Management installation type
# ---------------------------------------
#
# Select the Enterprise Management installation type
#
# ->1- Primary Enterprise Management Server
# 2- Load Balancing Enterprise Management Server
# 3- Distribution Server
#
# ENTER THE NUMBER FOR YOUR CHOICE, OR PRESS <ENTER> TO ACCEPT THE DEFAULT::
#
#
# ===============================================================================
# Please choose folder where AccessControl is installed
# -----------------------------------------------------
#
# Please choose folder where AccessControl is installed
#
# AccessControl Home (Default: /opt/CA/AccessControlServer):
#
#
# ===============================================================================
#
# The password is used for administrating the message queues, reading messages,
# sending message by the report agents and for protecting the default server
# encryption key store. Note: We recommend that you replace the default key
# store after installation.
#
# Password::
#
# ===============================================================================
#
# Confirm Password::
#
# ===============================================================================
# Pre-Installation summary
# ------------------------
#
# Please Review the Following Before Continuing:
#
# Product Name:
# CA Privileged Identity Manager Message Queue
#
# Install Folder:
# /opt/CA/AccessControlServer/MessageQueue
#
# Application Version:
# 14.0.0.1235
#
# Disk Space Information (for Installation Target):
# Required: 251,779,837 Bytes
# Available: 124,248,899,584 Bytes
#
# PRESS <ENTER> TO CONTINUE:
#
#
#
# ===============================================================================
# Installing...
# -------------
#
# [==================|==================|==================|==================]
# [------------------|------------------|------------------|------------------]
#
#
# ===============================================================================
# Installation Complete
# ---------------------
#
# Congratulations.Tibco Message Queue has been successfully installed.
#
# PRESS <ENTER> TO EXIT THE INSTALLER:
#
#
#
# Verify the Tibco Message Queue bridging is enabled referring the documentation below.
# https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-identity-manager/14-0/implementing/install-the-enterprise-management-server/install-the-tibco-message-queue.html
#
#
# Unmount the /dev/sr0 as the installer is no longer required
# [[email protected]]# umount /media/iso
#
# Check ENTM service status
# [[email protected]]# cd /opt/CA/AccessControlServer
# [[email protected]]# ./pimctl.sh status
#
# CA Privileged Identity Manager
# Copyright (c) 2016 CA. All rights reserved.
#
# activemqd [ RUNNING ]
# im_jcs [ RUNNING ]
# proxymanager [ RUNNING ]
# tomcatd [ RUNNING ]
# guacd [ RUNNING ]
# eventforwarder [ RUNNING ]
#
# jbossd [ RUNNING ]
#
# CA ControlMinder Security Daemon [ RUNNING ]
# CA ControlMinder Watchdog Daemon [ RUNNING ]
# CA ControlMinder Agent Daemon [ RUNNING ]
# CA ControlMinder Web Service [ RUNNING ]
# CA ControlMinder ReportAgent [ RUNNING ]
# CA ControlMinder Policy Model(DMS__) [ RUNNING ]
# CA ControlMinder Policy Model(DH__) [ RUNNING ]
# CA ControlMinder Policy Model(DH__WRITER) [ RUNNING ]
# CA ControlMinder Policyfetcher [ RUNNING ]
# CA ControlMinder Agent Manager [ RUNNING ]
# CA ControlMinder Agent Manager(AccountManager) [ RUNNING ]
# CA ControlMinder Agent Manager(DiscoveryAgent) [ RUNNING ]
# CA ControlMinder Agent Manager(PupmAgent) [ RUNNING ]
#
#
# Above shows everything is running. Following is just reference from documentation how you can check individual services.
# [[email protected]]# /opt/CA/AccessControlServer/APMS/AccessControl/bin/issec
# [[email protected]]# /opt/CA/AccessControlServer/APMS/AccessControl/bin/seload
# [[email protected]]# systemctl start jbossd
# [[email protected]]# systemctl status tomcatd
# [[email protected]]# systemctl status guacd
# [[email protected]]# systemctl status activemqd
#
# Access "CA Privileged Identity Manager Enterprise Console"
# Use browser to access http://<entm>:18080/iam/access
# The login page would appear with the AD DOMAIN NAME (in this case "LDAP1.LAB" in the DOMAIN dropdown menu.
# Login as Administrator user and password.
#